CVE-2008-3074

2009-02-21T17:30:00

ID CVE-2008-3074Type cveReporter NVDModified 2017-09-28T21:31:29

Description

The shellescape function in Vim 7.0 through 7.2, including 7.2a.10, allows user-assisted attackers to execute arbitrary code via the "!" (exclamation point) shell metacharacter in (1) the filename of a tar archive and possibly (2) the filename of the first file in a tar archive, which is not properly handled by the VIM TAR plugin (tar.vim) v.10 through v.22, as demonstrated by the shellescape, tarplugin.v2, tarplugin, and tarplugin.updated test cases. NOTE: this issue reportedly exists because of an incomplete fix for CVE-2008-2712. NOTE: this issue has the same root cause as CVE-2008-3075. NOTE: due to the complexity of the associated disclosures and the incomplete information related to them, there may be inaccuracies in this CVE description and in external mappings to this identifier.

All product names, logos, and brands are property of their respective owners. All company, product and service names used in this website are for identification purposes only. Use of these names, logos, and brands does not imply endorsement.If you are an owner of some content and want it to be removed, please mail to content@vulners.com Vulners, 2017

{"result": {"seebug": [{"id": "SSV:4501", "type": "seebug", "title": "Vim\u591a\u4e2a\u63d2\u4ef6\u5b57\u7b26\u8f6c\u4e49\u4efb\u610f\u547d\u4ee4\u6267\u884c\u6f0f\u6d1e", "description": "BUGTRAQ ID: 32462,32463\r\nCVE(CAN) ID: CVE-2008-3074,CVE-2008-3074\r\n\r\nVIM\u662f\u4e00\u6b3e\u514d\u8d39\u5f00\u653e\u6e90\u4ee3\u7801\u6587\u672c\u7f16\u8f91\u5668\uff0c\u53ef\u4f7f\u7528\u5728Unix/Linux\u64cd\u4f5c\u7cfb\u7edf\u4e0b\u3002\r\n\r\nVIM\u7684tar.vim\u548czip.vim\u63d2\u4ef6\u4e2dshellescape()\u51fd\u6570\u6ca1\u6709\u6b63\u786e\u5730\u8f6c\u4e49\u6240\u6709\u9879\uff08\u201c!\u201d\u5b57\u7b26\uff09\u3002\u5982\u679c\u7528\u6237\u4f7f\u7528tar.vim\u63d2\u4ef6\u6253\u5f00\u4e86TAR\u6587\u6863\u7684\u8bdd\uff0c\u5c31\u4f1a\u5bfc\u81f4\u4ee5\u8fd0\u884cVim\u7528\u6237\u7684\u6743\u9650\u6267\u884c\u4efb\u610f\u6307\u4ee4\u3002\n\nVIM Development Group VIM 7.1\r\nVIM Development Group VIM 7.0\n RedHat\r\n------\r\nRedHat\u5df2\u7ecf\u4e3a\u6b64\u53d1\u5e03\u4e86\u4e00\u4e2a\u5b89\u5168\u516c\u544a\uff08RHSA-2008:0580-01\uff09\u4ee5\u53ca\u76f8\u5e94\u8865\u4e01:\r\nRHSA-2008:0580-01\uff1aModerate: vim security update\r\n\u94fe\u63a5\uff1a<a href=https://www.redhat.com/support/errata/RHSA-2008-0580.html target=_blank>https://www.redhat.com/support/errata/RHSA-2008-0580.html</a>", "published": "2008-11-28T00:00:00", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "https://www.seebug.org/vuldb/ssvid-4501", "cvelist": ["CVE-2008-3074"], "lastseen": "2017-11-19T21:20:55"}], "nessus": [{"id": "DEBIAN_DSA-1733.NASL", "type": "nessus", "title": "Debian DSA-1733-1 : vim - several vulnerabilities", "description": "Several vulnerabilities have been found in vim, an enhanced vi editor.\nThe Common Vulnerabilities and Exposures project identifies the following problems :\n\n - CVE-2008-2712 Jan Minar discovered that vim did not properly sanitise inputs before invoking the execute or system functions inside vim scripts. This could lead to the execution of arbitrary code.\n\n - CVE-2008-3074 Jan Minar discovered that the tar plugin of vim did not properly sanitise the filenames in the tar archive or the name of the archive file itself, making it prone to arbitrary code execution.\n\n - CVE-2008-3075 Jan Minar discovered that the zip plugin of vim did not properly sanitise the filenames in the zip archive or the name of the archive file itself, making it prone to arbitrary code execution.\n\n - CVE-2008-3076 Jan Minar discovered that the netrw plugin of vim did not properly sanitise the filenames or directory names it is given. This could lead to the execution of arbitrary code.\n\n - CVE-2008-4101 Ben Schmidt discovered that vim did not properly escape characters when performing keyword or tag lookups. This could lead to the execution of arbitrary code.", "published": "2009-03-04T00:00:00", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "https://www.tenable.com/plugins/index.php?view=single&id=35764", "cvelist": ["CVE-2008-3075", "CVE-2008-3076", "CVE-2008-4101", "CVE-2008-3074", "CVE-2008-2712"], "lastseen": "2017-10-29T13:37:32"}, {"id": "CENTOS_RHSA-2008-0580.NASL", "type": "nessus", "title": "CentOS 5 : vim (CESA-2008:0580)", "description": "Updated vim packages that fix security issues are now available for Red Hat Enterprise Linux 5.\n\nThis update has been rated as having moderate security impact by the Red Hat Security Response Team.\n\nVim (Visual editor IMproved) is an updated and improved version of the vi editor.\n\nSeveral input sanitization flaws were found in Vim's keyword and tag handling. If Vim looked up a document's maliciously crafted tag or keyword, it was possible to execute arbitrary code as the user running Vim. (CVE-2008-4101)\n\nMultiple security flaws were found in netrw.vim, the Vim plug-in providing file reading and writing over the network. If a user opened a specially crafted file or directory with the netrw plug-in, it could result in arbitrary code execution as the user running Vim.\n(CVE-2008-3076)\n\nA security flaw was found in zip.vim, the Vim plug-in that handles ZIP archive browsing. If a user opened a ZIP archive using the zip.vim plug-in, it could result in arbitrary code execution as the user running Vim. (CVE-2008-3075)\n\nA security flaw was found in tar.vim, the Vim plug-in which handles TAR archive browsing. If a user opened a TAR archive using the tar.vim plug-in, it could result in arbitrary code execution as the user runnin Vim. (CVE-2008-3074)\n\nSeveral input sanitization flaws were found in various Vim system functions. If a user opened a specially crafted file, it was possible to execute arbitrary code as the user running Vim. (CVE-2008-2712)\n\nUlf Harnhammar, of Secunia Research, discovered a format string flaw in Vim's help tag processor. If a user was tricked into executing the 'helptags' command on malicious data, arbitrary code could be executed with the permissions of the user running Vim. (CVE-2007-2953)\n\nAll Vim users are advised to upgrade to these updated packages, which contain backported patches to correct these issues.", "published": "2010-01-06T00:00:00", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "https://www.tenable.com/plugins/index.php?view=single&id=43697", "cvelist": ["CVE-2008-3075", "CVE-2008-3076", "CVE-2007-2953", "CVE-2008-4101", "CVE-2008-6235", "CVE-2008-3074", "CVE-2008-2712"], "lastseen": "2017-10-29T13:42:50"}, {"id": "MANDRIVA_MDVSA-2008-236.NASL", "type": "nessus", "title": "Mandriva Linux Security Advisory : vim (MDVSA-2008:236-1)", "description": "Several vulnerabilities were found in the vim editor :\n\nA number of input sanitization flaws were found in various vim system functions. If a user were to open a specially crafted file, it would be possible to execute arbitrary code as the user running vim (CVE-2008-2712).\n\nUlf H&Atilde;&curren;rnhammar of Secunia Research found a format string flaw in vim's help tags processor. If a user were tricked into executing the helptags command on malicious data, it could result in the execution of arbitrary code as the user running vim (CVE-2008-2953).\n\nA flaw was found in how tar.vim handled TAR archive browsing. If a user were to open a special TAR archive using the plugin, it could result in the execution of arbitrary code as the user running vim (CVE-2008-3074).\n\nA flaw was found in how zip.vim handled ZIP archive browsing. If a user were to open a special ZIP archive using the plugin, it could result in the execution of arbitrary code as the user running vim (CVE-2008-3075).\n\nA number of security flaws were found in netrw.vim, the vim plugin that provides the ability to read and write files over the network. If a user opened a specially crafted file or directory with the netrw plugin, it could result in the execution of arbitrary code as the user running vim (CVE-2008-3076).\n\nA number of input validation flaws were found in vim's keyword and tag handling. If vim looked up a document's maliciously crafted tag or keyword, it was possible to execute arbitary code as the user running vim (CVE-2008-4101).\n\nA vulnerability was found in certain versions of netrw.vim where it would send FTP credentials stored for an FTP session to subsequent FTP sessions to servers on different hosts, exposing FTP credentials to remote hosts (CVE-2008-4677).\n\nThis update provides vim 7.2 (patchlevel 65) which corrects all of these issues and introduces a number of new features and bug fixes.\n\nUpdate :\n\nThe previous vim update incorrectly introduced a requirement on libruby and also conflicted with a file from the git-core package (in contribs). These issues have been corrected with these updated packages.", "published": "2009-04-23T00:00:00", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "https://www.tenable.com/plugins/index.php?view=single&id=36821", "cvelist": ["CVE-2008-3075", "CVE-2008-2953", "CVE-2008-3076", "CVE-2007-2953", "CVE-2008-4677", "CVE-2008-4101", "CVE-2008-3074", "CVE-2008-2712"], "lastseen": "2017-10-29T13:35:09"}, {"id": "SUSE_11_1_GVIM-090225.NASL", "type": "nessus", "title": "openSUSE Security Update : gvim (gvim-561)", "description": "The VI Improved editor (vim) was updated to version 7.2.108 to fix various security problems and other bugs.\n\nCVE-2008-4677: The netrw plugin sent credentials to all servers.\nCVE-2009-0316: The python support used a search path including the current directory, allowing code injection when python code was used.\nCVE-2008-2712: Arbitrary code execution in vim helper plugins filetype.vim, zipplugin, xpm.vim, gzip_vim, and netrw were fixed.\nCVE-2008-3074: tarplugin code injection CVE-2008-3075: zipplugin code injection CVE-2008-3076: several netrw bugs, code injection CVE-2008-6235: code injection in the netrw plugin CVE-2008-4677:\ncredential disclosure by netrw plugin", "published": "2009-07-21T00:00:00", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "https://www.tenable.com/plugins/index.php?view=single&id=40230", "cvelist": ["CVE-2008-3075", "CVE-2008-3076", "CVE-2008-4677", "CVE-2009-0316", "CVE-2008-6235", "CVE-2008-3074", "CVE-2008-2712"], "lastseen": "2017-10-29T13:44:50"}, {"id": "REDHAT-RHSA-2008-0580.NASL", "type": "nessus", "title": "RHEL 5 : vim (RHSA-2008:0580)", "description": "Updated vim packages that fix security issues are now available for Red Hat Enterprise Linux 5.\n\nThis update has been rated as having moderate security impact by the Red Hat Security Response Team.\n\nVim (Visual editor IMproved) is an updated and improved version of the vi editor.\n\nSeveral input sanitization flaws were found in Vim's keyword and tag handling. If Vim looked up a document's maliciously crafted tag or keyword, it was possible to execute arbitrary code as the user running Vim. (CVE-2008-4101)\n\nMultiple security flaws were found in netrw.vim, the Vim plug-in providing file reading and writing over the network. If a user opened a specially crafted file or directory with the netrw plug-in, it could result in arbitrary code execution as the user running Vim.\n(CVE-2008-3076)\n\nA security flaw was found in zip.vim, the Vim plug-in that handles ZIP archive browsing. If a user opened a ZIP archive using the zip.vim plug-in, it could result in arbitrary code execution as the user running Vim. (CVE-2008-3075)\n\nA security flaw was found in tar.vim, the Vim plug-in which handles TAR archive browsing. If a user opened a TAR archive using the tar.vim plug-in, it could result in arbitrary code execution as the user runnin Vim. (CVE-2008-3074)\n\nSeveral input sanitization flaws were found in various Vim system functions. If a user opened a specially crafted file, it was possible to execute arbitrary code as the user running Vim. (CVE-2008-2712)\n\nUlf Harnhammar, of Secunia Research, discovered a format string flaw in Vim's help tag processor. If a user was tricked into executing the 'helptags' command on malicious data, arbitrary code could be executed with the permissions of the user running Vim. (CVE-2007-2953)\n\nAll Vim users are advised to upgrade to these updated packages, which contain backported patches to correct these issues.", "published": "2008-11-25T00:00:00", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "https://www.tenable.com/plugins/index.php?view=single&id=34953", "cvelist": ["CVE-2008-3075", "CVE-2008-3076", "CVE-2007-2953", "CVE-2008-4101", "CVE-2008-6235", "CVE-2008-3074", "CVE-2008-2712"], "lastseen": "2017-10-29T13:43:23"}, {"id": "SUSE_11_0_GVIM-090225.NASL", "type": "nessus", "title": "openSUSE Security Update : gvim (gvim-561)", "description": "The VI Improved editor (vim) was updated to version 7.2.108 to fix various security problems and other bugs.\n\nCVE-2008-4677: The netrw plugin sent credentials to all servers.\nCVE-2009-0316: The python support used a search path including the current directory, allowing code injection when python code was used.\nCVE-2008-2712: Arbitrary code execution in vim helper plugins filetype.vim, zipplugin, xpm.vim, gzip_vim, and netrw were fixed.\nCVE-2008-3074: tarplugin code injection CVE-2008-3075: zipplugin code injection CVE-2008-3076: several netrw bugs, code injection CVE-2008-6235: code injection in the netrw plugin CVE-2008-4677:\ncredential disclosure by netrw plugin", "published": "2009-07-21T00:00:00", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "https://www.tenable.com/plugins/index.php?view=single&id=39980", "cvelist": ["CVE-2008-3075", "CVE-2008-3076", "CVE-2008-4677", "CVE-2009-0316", "CVE-2008-6235", "CVE-2008-3074", "CVE-2008-2712"], "lastseen": "2017-10-29T13:45:26"}, {"id": "ORACLELINUX_ELSA-2008-0580.NASL", "type": "nessus", "title": "Oracle Linux 5 : vim (ELSA-2008-0580)", "description": "From Red Hat Security Advisory 2008:0580 :\n\nUpdated vim packages that fix security issues are now available for Red Hat Enterprise Linux 5.\n\nThis update has been rated as having moderate security impact by the Red Hat Security Response Team.\n\nVim (Visual editor IMproved) is an updated and improved version of the vi editor.\n\nSeveral input sanitization flaws were found in Vim's keyword and tag handling. If Vim looked up a document's maliciously crafted tag or keyword, it was possible to execute arbitrary code as the user running Vim. (CVE-2008-4101)\n\nMultiple security flaws were found in netrw.vim, the Vim plug-in providing file reading and writing over the network. If a user opened a specially crafted file or directory with the netrw plug-in, it could result in arbitrary code execution as the user running Vim.\n(CVE-2008-3076)\n\nA security flaw was found in zip.vim, the Vim plug-in that handles ZIP archive browsing. If a user opened a ZIP archive using the zip.vim plug-in, it could result in arbitrary code execution as the user running Vim. (CVE-2008-3075)\n\nA security flaw was found in tar.vim, the Vim plug-in which handles TAR archive browsing. If a user opened a TAR archive using the tar.vim plug-in, it could result in arbitrary code execution as the user runnin Vim. (CVE-2008-3074)\n\nSeveral input sanitization flaws were found in various Vim system functions. If a user opened a specially crafted file, it was possible to execute arbitrary code as the user running Vim. (CVE-2008-2712)\n\nUlf Harnhammar, of Secunia Research, discovered a format string flaw in Vim's help tag processor. If a user was tricked into executing the 'helptags' command on malicious data, arbitrary code could be executed with the permissions of the user running Vim. (CVE-2007-2953)\n\nAll Vim users are advised to upgrade to these updated packages, which contain backported patches to correct these issues.", "published": "2013-07-12T00:00:00", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "https://www.tenable.com/plugins/index.php?view=single&id=67722", "cvelist": ["CVE-2008-3075", "CVE-2008-3076", "CVE-2007-2953", "CVE-2008-4101", "CVE-2008-6235", "CVE-2008-3074", "CVE-2008-2712"], "lastseen": "2017-10-29T13:43:38"}, {"id": "SL_20081125_VIM_ON_SL3_X.NASL", "type": "nessus", "title": "Scientific Linux Security Update : vim on SL3.x, SL4.x, SL5.x i386/x86_64", "description": "Several input sanitization flaws were found in Vim's keyword and tag handling. If Vim looked up a document's maliciously crafted tag or keyword, it was possible to execute arbitrary code as the user running Vim. (CVE-2008-4101)\n\nSL3 and SL4 Only: A heap-based overflow flaw was discovered in Vim's expansion of file name patterns with shell wildcards. An attacker could create a specially crafted file or directory name that, when opened by Vim, caused the application to crash or, possibly, execute arbitrary code. (CVE-2008-3432)\n\nSL5 Only: Multiple security flaws were found in netrw.vim, the Vim plug-in providing file reading and writing over the network. If a user opened a specially crafted file or directory with the netrw plug-in, it could result in arbitrary code execution as the user running Vim.\n(CVE-2008-3076)\n\nSL5 Only: A security flaw was found in zip.vim, the Vim plug-in that handles ZIP archive browsing. If a user opened a ZIP archive using the zip.vim plug-in, it could result in arbitrary code execution as the user running Vim. (CVE-2008-3075)\n\nSL5 Only: A security flaw was found in tar.vim, the Vim plug-in which handles TAR archive browsing. If a user opened a TAR archive using the tar.vim plug-in, it could result in arbitrary code execution as the user runnin Vim. (CVE-2008-3074)\n\nSeveral input sanitization flaws were found in various Vim system functions. If a user opened a specially crafted file, it was possible to execute arbitrary code as the user running Vim. (CVE-2008-2712)\n\nUlf H&auml;rnhammar, of Secunia Research, discovered a format string flaw in Vim's help tag processor. If a user was tricked into executing the 'helptags' command on malicious data, arbitrary code could be executed with the permissions of the user running Vim. (CVE-2007-2953)", "published": "2012-08-01T00:00:00", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "https://www.tenable.com/plugins/index.php?view=single&id=60500", "cvelist": ["CVE-2008-3075", "CVE-2008-3076", "CVE-2007-2953", "CVE-2008-3432", "CVE-2008-4101", "CVE-2008-3074", "CVE-2008-2712"], "lastseen": "2017-10-29T13:33:23"}, {"id": "SUSE_GVIM-6023.NASL", "type": "nessus", "title": "openSUSE 10 Security Update : gvim (gvim-6023)", "description": "The VI Improved editor (vim) was updated to version 7.2.108 to fix various security problems and other bugs.\n\nCVE-2008-4677: The netrw plugin sent credentials to all servers.\nCVE-2009-0316: The python support used a search path including the current directory, allowing code injection when python code was used.\nCVE-2008-2712: Arbitrary code execution in vim helper plugins filetype.vim, zipplugin, xpm.vim, gzip_vim, and netrw were fixed.\nCVE-2008-3074: tarplugin code injection CVE-2008-3075: zipplugin code injection CVE-2008-3076: several netrw bugs, code injection CVE-2008-6235: code injection in the netrw plugin CVE-2008-4677:\ncredential disclosure by netrw plugin", "published": "2009-03-13T00:00:00", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "https://www.tenable.com/plugins/index.php?view=single&id=35921", "cvelist": ["CVE-2008-3075", "CVE-2008-3076", "CVE-2008-4677", "CVE-2009-0316", "CVE-2008-6235", "CVE-2008-3074", "CVE-2008-2712"], "lastseen": "2017-10-29T13:37:24"}], "openvas": [{"id": "OPENVAS:1361412562310900412", "type": "openvas", "title": "Vim Shell Command Injection Vulnerability (Linux)", "description": "This host is installed with Vim and is prone to Command Injection\n Vulnerability.", "published": "2008-12-02T00:00:00", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310900412", "cvelist": ["CVE-2008-3075", "CVE-2008-3076", "CVE-2008-3074", "CVE-2008-2712"], "lastseen": "2017-11-21T11:05:15"}, {"id": "OPENVAS:900411", "type": "openvas", "title": "Vim Shell Command Injection Vulnerability (Windows)", "description": "This host is installed with Vim and is prone to Command Injection\n Vulnerability.", "published": "2008-12-02T00:00:00", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "http://plugins.openvas.org/nasl.php?oid=900411", "cvelist": ["CVE-2008-3075", "CVE-2008-3076", "CVE-2008-3074", "CVE-2008-2712"], "lastseen": "2017-07-02T21:10:22"}, {"id": "OPENVAS:870099", "type": "openvas", "title": "RedHat Update for vim RHSA-2008:0580-01", "description": "Check for the Version of vim", "published": "2009-03-06T00:00:00", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "http://plugins.openvas.org/nasl.php?oid=870099", "cvelist": ["CVE-2008-3075", "CVE-2008-3076", "CVE-2007-2953", "CVE-2008-4101", "CVE-2008-3074", "CVE-2008-2712"], "lastseen": "2017-07-27T10:55:59"}, {"id": "OPENVAS:63500", "type": "openvas", "title": "Debian Security Advisory DSA 1733-1 (vim)", "description": "The remote host is missing an update to vim\nannounced via advisory DSA 1733-1.", "published": "2009-03-07T00:00:00", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "http://plugins.openvas.org/nasl.php?oid=63500", "cvelist": ["CVE-2008-3075", "CVE-2008-3076", "CVE-2008-4104", "CVE-2008-4101", "CVE-2008-3074", "CVE-2008-2712"], "lastseen": "2017-07-24T12:56:45"}, {"id": "OPENVAS:830451", "type": "openvas", "title": "Mandriva Update for vim MDVSA-2008:236-1 (vim)", "description": "Check for the Version of vim", "published": "2009-04-09T00:00:00", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "http://plugins.openvas.org/nasl.php?oid=830451", "cvelist": ["CVE-2008-3075", "CVE-2008-2953", "CVE-2008-3076", "CVE-2008-4677", "CVE-2008-4101", "CVE-2008-3074", "CVE-2008-2712"], "lastseen": "2017-07-24T12:56:04"}, {"id": "OPENVAS:830568", "type": "openvas", "title": "Mandriva Update for vim MDVSA-2008:236 (vim)", "description": "Check for the Version of vim", "published": "2009-04-09T00:00:00", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "http://plugins.openvas.org/nasl.php?oid=830568", "cvelist": ["CVE-2008-3075", "CVE-2008-2953", "CVE-2008-3076", "CVE-2008-4677", "CVE-2008-4101", "CVE-2008-3074", "CVE-2008-2712"], "lastseen": "2017-07-24T12:57:05"}, {"id": "OPENVAS:1361412562310122541", "type": "openvas", "title": "Oracle Linux Local Check: ELSA-2008-0580", "description": "Oracle Linux Local Security Checks ELSA-2008-0580", "published": "2015-10-08T00:00:00", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310122541", "cvelist": ["CVE-2008-3075", "CVE-2008-3076", "CVE-2007-2953", "CVE-2008-4101", "CVE-2008-6235", "CVE-2008-3074", "CVE-2008-2712"], "lastseen": "2017-07-24T12:52:41"}, {"id": "OPENVAS:63687", "type": "openvas", "title": "SuSE Security Summary SUSE-SR:2009:007", "description": "The remote host is missing updates announced in\nadvisory SUSE-SR:2009:007. SuSE Security Summaries are short\non detail when it comes to the names of packages affected by\na particular bug. Because of this, while this test will detect\nout of date packages, it cannot tell you what bugs impact\nwhich packages, or vice versa.", "published": "2009-03-31T00:00:00", "cvss": {"score": 10, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "http://plugins.openvas.org/nasl.php?oid=63687", "cvelist": ["CVE-2009-0501", "CVE-2009-0733", "CVE-2009-0932", "CVE-2009-0915", "CVE-2008-3075", "CVE-2009-0723", "CVE-2008-2364", "CVE-2009-0584", "CVE-2008-3076", "CVE-2009-0502", "CVE-2009-0115", "CVE-2008-4677", "CVE-2009-0583", "CVE-2009-0916", "CVE-2007-6018", "CVE-2008-5917", "CVE-2009-0499", "CVE-2009-0500", "CVE-2009-0930", "CVE-2008-6235", "CVE-2008-3074", "CVE-2008-2712", "CVE-2009-0581", "CVE-2009-0914"], "lastseen": "2017-07-26T08:55:23"}], "debian": [{"id": "DSA-1733", "type": "debian", "title": "vim -- several vulnerabilities", "description": "Several vulnerabilities have been found in vim, an enhanced vi editor. The Common Vulnerabilities and Exposures project identifies the following problems:\n\n * [CVE-2008-2712](<https://security-tracker.debian.org/tracker/CVE-2008-2712>)\n\nJan Minar discovered that vim did not properly sanitise inputs before invoking the execute or system functions inside vim scripts. This could lead to the execution of arbitrary code.\n\n * [CVE-2008-3074](<https://security-tracker.debian.org/tracker/CVE-2008-3074>)\n\nJan Minar discovered that the tar plugin of vim did not properly sanitise the filenames in the tar archive or the name of the archive file itself, making it prone to arbitrary code execution.\n\n * [CVE-2008-3075](<https://security-tracker.debian.org/tracker/CVE-2008-3075>)\n\nJan Minar discovered that the zip plugin of vim did not properly sanitise the filenames in the zip archive or the name of the archive file itself, making it prone to arbitrary code execution.\n\n * [CVE-2008-3076](<https://security-tracker.debian.org/tracker/CVE-2008-3076>)\n\nJan Minar discovered that the netrw plugin of vim did not properly sanitise the filenames or directory names it is given. This could lead to the execution of arbitrary code.\n\n * [CVE-2008-4101](<https://security-tracker.debian.org/tracker/CVE-2008-4101>)\n\nBen Schmidt discovered that vim did not properly escape characters when performing keyword or tag lookups. This could lead to the execution of arbitrary code.\n\nFor the oldstable distribution (etch), these problems have been fixed in version 1:7.0-122+1etch5.\n\nFor the stable distribution (lenny), these problems have been fixed in version 1:7.1.314-3+lenny1, which was already included in the lenny release.\n\nFor the testing distribution (squeeze), these problems have been fixed in version 1:7.1.314-3+lenny1.\n\nFor the unstable distribution (sid), these problems have been fixed in version 2:7.2.010-1.", "published": "2009-03-03T00:00:00", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "http://www.debian.org/security/dsa-1733", "cvelist": ["CVE-2008-3075", "CVE-2008-3076", "CVE-2008-4101", "CVE-2008-3074", "CVE-2008-2712"], "lastseen": "2016-09-02T18:34:11"}], "centos": [{"id": "CESA-2008:0580", "type": "centos", "title": "vim security update", "description": "**CentOS Errata and Security Advisory** CESA-2008:0580\n\n\nVim (Visual editor IMproved) is an updated and improved version of the vi\neditor.\n\nSeveral input sanitization flaws were found in Vim's keyword and tag\nhandling. If Vim looked up a document's maliciously crafted tag or keyword,\nit was possible to execute arbitrary code as the user running Vim.\n(CVE-2008-4101)\n\nMultiple security flaws were found in netrw.vim, the Vim plug-in providing\nfile reading and writing over the network. If a user opened a specially\ncrafted file or directory with the netrw plug-in, it could result in\narbitrary code execution as the user running Vim. (CVE-2008-3076)\n\nA security flaw was found in zip.vim, the Vim plug-in that handles ZIP\narchive browsing. If a user opened a ZIP archive using the zip.vim plug-in,\nit could result in arbitrary code execution as the user running Vim.\n(CVE-2008-3075)\n\nA security flaw was found in tar.vim, the Vim plug-in which handles TAR\narchive browsing. If a user opened a TAR archive using the tar.vim plug-in,\nit could result in arbitrary code execution as the user runnin Vim.\n(CVE-2008-3074)\n\nSeveral input sanitization flaws were found in various Vim system\nfunctions. If a user opened a specially crafted file, it was possible to\nexecute arbitrary code as the user running Vim. (CVE-2008-2712)\n\nUlf Harnhammar, of Secunia Research, discovered a format string flaw in\nVim's help tag processor. If a user was tricked into executing the\n\"helptags\" command on malicious data, arbitrary code could be executed with\nthe permissions of the user running Vim. (CVE-2007-2953)\n\nAll Vim users are advised to upgrade to these updated packages, which\ncontain backported patches to correct these issues.\n\n**Merged security bulletin from advisories:**\nhttp://lists.centos.org/pipermail/centos-announce/2008-November/015453.html\nhttp://lists.centos.org/pipermail/centos-announce/2008-November/015454.html\n\n**Affected packages:**\nvim\nvim-X11\nvim-common\nvim-enhanced\nvim-minimal\n\n**Upstream details at:**\nhttps://rhn.redhat.com/errata/RHSA-2008-0580.html", "published": "2008-11-26T22:22:41", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "http://lists.centos.org/pipermail/centos-announce/2008-November/015453.html", "cvelist": ["CVE-2008-3075", "CVE-2008-3076", "CVE-2007-2953", "CVE-2008-4101", "CVE-2008-6235", "CVE-2008-3074", "CVE-2008-2712"], "lastseen": "2017-10-03T18:24:38"}], "oraclelinux": [{"id": "ELSA-2008-0580", "type": "oraclelinux", "title": "vim security update", "description": "[7.0.109-4.4z]\n- fix netrw\n[7.0.109-4.3z]\n- fixes CVE-2008-3074 (tar plugin)\n- fixes CVE-2008-3075 (zip plugin)\n- fixes CVE-2008-3076 (netrw plugin)\n- fixes CVE-2008-4101 (keyword and tag lookup)\n[7.0.109-4.2z]\n- fix some issues with netrw and remote file editing caused by\n the CVE-2008-2712 patch\n[7.0.109-4.1z]\n- more fixes for CVE-2008-2712\n[7.0.109-4.z]\n- fix release\n[7.0.109-3.1z]\n- rebuild for z stream\n[7.0.109-3.6]\n- re-enable debuginfo\n[7.0.109-3.5]\n- update netrw files for CVE-2008-2712\n[7.0.109-3.4]\n- add fixes for CVE-2007-2953 and CVE-2008-2712", "published": "2008-11-25T00:00:00", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "http://linux.oracle.com/errata/ELSA-2008-0580.html", "cvelist": ["CVE-2008-3075", "CVE-2008-3076", "CVE-2007-2953", "CVE-2008-4101", "CVE-2008-6235", "CVE-2008-3074", "CVE-2008-2712"], "lastseen": "2016-09-04T11:16:01"}], "redhat": [{"id": "RHSA-2008:0580", "type": "redhat", "title": "(RHSA-2008:0580) Moderate: vim security update", "description": "Vim (Visual editor IMproved) is an updated and improved version of the vi\neditor.\n\nSeveral input sanitization flaws were found in Vim's keyword and tag\nhandling. If Vim looked up a document's maliciously crafted tag or keyword,\nit was possible to execute arbitrary code as the user running Vim.\n(CVE-2008-4101)\n\nMultiple security flaws were found in netrw.vim, the Vim plug-in providing\nfile reading and writing over the network. If a user opened a specially\ncrafted file or directory with the netrw plug-in, it could result in\narbitrary code execution as the user running Vim. (CVE-2008-3076)\n\nA security flaw was found in zip.vim, the Vim plug-in that handles ZIP\narchive browsing. If a user opened a ZIP archive using the zip.vim plug-in,\nit could result in arbitrary code execution as the user running Vim.\n(CVE-2008-3075)\n\nA security flaw was found in tar.vim, the Vim plug-in which handles TAR\narchive browsing. If a user opened a TAR archive using the tar.vim plug-in,\nit could result in arbitrary code execution as the user runnin Vim.\n(CVE-2008-3074)\n\nSeveral input sanitization flaws were found in various Vim system\nfunctions. If a user opened a specially crafted file, it was possible to\nexecute arbitrary code as the user running Vim. (CVE-2008-2712)\n\nUlf Harnhammar, of Secunia Research, discovered a format string flaw in\nVim's help tag processor. If a user was tricked into executing the\n\"helptags\" command on malicious data, arbitrary code could be executed with\nthe permissions of the user running Vim. (CVE-2007-2953)\n\nAll Vim users are advised to upgrade to these updated packages, which\ncontain backported patches to correct these issues.", "published": "2008-11-25T05:00:00", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "https://access.redhat.com/errata/RHSA-2008:0580", "cvelist": ["CVE-2007-2953", "CVE-2008-2712", "CVE-2008-3074", "CVE-2008-3075", "CVE-2008-3076", "CVE-2008-4101", "CVE-2008-6235"], "lastseen": "2017-09-09T07:20:14"}]}}